CVE-2014-9154 Information

Description

The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields which allows remote authenticated users to obtain node titles teasers and fields by reading a notification email.

Reference

https://www.drupal.org/node/2320693 https://www.drupal.org/node/2320741